Trusted Security Policies for Tackling Advanced Persistent Threat via Spear Phishing in BYOD Environment

详细信息    查看全文

• 作者：Lau Lap Bann ; Manmeet Mahinderjit Singh ; Azman Samsudin
• 关键词：Security policy ; Spear Phishing ; Access Control Policy Tool (ACPT) ; OWASP risk rating methodology
• 刊名：Procedia Computer Science
• 出版年：2015
• 出版时间：2015
• 年：2015
• 卷：72
• 期：Complete
• 页码：129-136
• 全文大小：210 K

文摘

With the advent of pervasive and ubiquitous mobile devices, Bring Your Own Device (BYOD) trend is steadily gaining traction amongst many corporations, in allowing the extensive utilization of mobile devices in handling work-related data. However, there are several drawbacks to this approach, one of which is the risks resulted from the occurrence of Advanced Persistent Threat (APT). The goal of APT is to exfiltrate and leak important and sensitive corporate information through exploitation of vulnerabilities within BYOD environment. This paper addresses the APT issue via spear phishing attacks within BYOD environment, through the mediation provided by security policies. The devising of Mandatory Access Control (MAC) security policies using ACPT includes the implementation of environment attributes along with the specification of proposed policy rules for organizations is proven to be the most suitable policy mechanism for BYOD environment. Guidelines in mitigating APT via spear phishing are briefly discussed as well.